Java Trojan on OSX
Hello,
I get updated notes as a memeber of SC Magazine which specialises in security risks across different platforms.
Yesterday I had notification that Apple have found a hole in its Java Scripting
This is what it says:-
After security researchers spotted active exploits taking advantage of the vulnerability, the update, for both Lion (10.7.3) and Snow Leopard (10.6.8) versions of the platform, was released to close a dozen holes in Java 1.6.0_29. Apple said the most serious may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.
That presumably refers to CVE-2012-0507, which researchers at Mac security firm Intego said was the latest variant of the password-stealing Flashback Trojan.
Intego said it had samples of variant ‘R' since 23March and had been finding new samples and variants of this malware almost daily since then. It recommended Mac users turn off Java in their web browser.
It also said Java is no longer provided with Mac OS X 10.7 Lion, but the first time a user needs to run it – when a Java applet loads, or when a user launches a Java applet on their Mac – the system will ask if the user wants to download it; if so, Apple provides the download directly and maintains its own version of Java.
Wolfgang Kandek, CTO of Qualys, said: “In addition, Mac users and IT admins for Macs should review whether Java is actually needed for their usage. If not, Java can be disabled through the Java Preferences program. Just uncheck 64-bit and 32-bit versions.”
Unpatched Java deployments are one of the largest malware threats facing enterprises today, according to Microsoft.
So my questions are :-
1) How do I ensure that Java is secure, as it states that I need to lock down and uncheck the the Java on 32 or 64bit versions
2) Is it now expedient to purchase Anti _Virus software for OSX?
Thanks David
jricketts wrote:
X423424X wrote:
These things can't keep up with the ever changing trojans anyhow and there are no known viruses on OSX.
Can you back that up? I'm thinking that's an incorrect statement. While there are not as many targeted towards Mac OS X as there are towards Windows, I would think it is errant to think that none exist or that an Apple computer is immune from being affected. The piece of malware that inspired this thread is a good example of a known threat. While it's a trojan horse and not specifically a computer virus, and indeed other major threats to Mac OS X have been worms and similar malware, I think it is prudent for all Apple users to be aware of threats to their systems and to take actions to safeguard them.
There have been viruses in the past, but all known viruses have been patched on an up-to-date OS X 10.6.8 and above. That does not include any other malware, but the kind that can infect without user interaction is currently in check. If somebody wants to argue that there was a viral Trojan being served over the past week or so, I would have to agree. I also agree with everything else you have said.
Additionally, I think it wouldn't be a bad idea to install an anti-virus onto a computer running Mac OS X. Just because the malware out there is increasing at a rate faster than you think AV vendors can keep up with is no reason to not have even basic protection.
As long as it doesn't adversely affect the operation of your computer and does not give one a false sense of security, I don't have a problem with that. I have four installed on my computer right now, but none of them are currently running.
Similar Messages
-
I've just installed Java for Mac OSX 10.5 Update 10 and can no longer run Java Applets from Firefox 5.0
Dear Craig,
Macbook Pro 2.4GHz Intel Core 2 Duo 4 GB RAM
I'm sure that this is 64-bit
CF 8.0.1 Enterprise Build 3080
I had moved the Java SE 6 to the top in both Plugin and Applications. The
correct version is showing in the terminal window. See below.
Last login: Thu Jun 18 11:27:09 on ttys001
Beta-4:~ Colin$ java -version
java version "1.6.0_13"
Java(TM) SE Runtime Environment (build 1.6.0_13-b03-211)
Java HotSpot(TM) 64-Bit Server VM (build 11.3-b02-83, mixed mode)
Beta-4:~ Colin$
CF will not start. I have the activity monitor open, and when I start CF you
see it in the activity monitor for a few seconds as it starts up. When the
message process is completed in the terminal window CF disappears in the
activity monitor.
Any suggestions?
C
Hi, Colin,
My apologies but I forgot to ask 2 questions: (1) What kind of Mac you have
(Intel or PowerPC)? (2) What version of CF are you running and what installer
did you choose (8 or 8.0.1, 32-bit, 64-bit, etc.)?
To start, try the following:
1. Normally you'd shut CF down first ... but that's not necessary for you
2. Open Java Preferences again
3. Select Java SE 6 and move it (drag) to the top spot in both section (Applet
Plugin and Applications)
4. Open Terminal
5. Type java -version (you should see 1.6.0_13 as the new version)
6. Try to start CF again
This may not work (I've had issues with it) but it's technically how it's
supposed to work. With the Java Preferences utility, you're visually setting a
default JVM (you can do it with commands in Terminal but this is much faster
and easier).
If CF still won't start, look for the jvm.config file in your CF application
folder (try /Applications/ColdFusion8/bin or
/Applications/ColdFusion8/runtime/bin -- the latter is where a jvm.config file
is on my machine for a particular version of CF that's installed similar to
yours). You can override the JVM in this file but, hopefully, that won't be
necessary!
Best,
Craig -
How Do I Get Java For Mac OSX 10.5.8 On A PowerBook G4 Or Update To Minimum MAC OSX 10.6.8 or later Without Spending Any Tech Mind Of My Own And Also Not Buy ANYTHING AT ALL!!!????? Please Help!!!
Sorry, it's for 64 bit IntelMacs only...
updating Java SE 6 to 1.6.0_26 for 64-bit capable Intel-based Macs.
Java for Mac OS X 10.5 Update 10 -
Some pages don't render properly after Java update for OSX 10.6.8
I can't seem to get T-mobile.com's website pages to render properly anymore. So far, this is the only website I'm having this issue with, though there could be more I'm not aware of.
I go to www.t-mobile.com and this is what I get:
I think I might be missing a plug-in, but not sure; if so, I don't know which one or how to get it.
This only started happening after the latest Java update for OSX 10.6.8, which I installed on Feb. 24, 2013. All of T-mobile's pages look like this, except if I go to www.my.t-mobile.com's home page. Then I get a normal page, but after I log in, I get more wierd rendering issues again. So here's the page that appeared normal today:
And after I log in successfully, I'm back to the wierd rendering issues again:
I was so lost but then I decided to try a work around to get my online bill and managed to get it, but I don't want to see the pages like this. So help please?So, here's more on my point...
I put in the 3 captured screen shots in my original post above. I used Grab to copy the web pages, saved them to my desktop as .tiff files and dropped them in for others to view. This morning, I went to look at my post and instead of seeing the screen shots, I see 3 tiny blue boxes with question marks. When I left click on the boxes, nothing happens. When I right click on them, I get options that are not helpful:
Open Image in New Window
Open Image in New Tab
Download Image
Copy Image Address
Import Image
Capture Selection from Screen
Convert Selected Traditional Chinese Text (why the frack is this an option?)
Convert Selected Simplified Chinese Text (or this an option?)
I checked my Safari Preferences and I see I have checked, under Security, Enable plug-ins, Enable Java, Enable JavaScript.I have to have Java enabled to run a few things.
Did something get corrupted in Safari?
Am I'm missing some plug-ins?
How do I get them back?
I'm going to search the internet. Well, after doing the search, I still don't think I've got what I need. Thinking I might need to reinstall Safari. If this is the case, will I loose all my Bookmarks? -
The steps to enable Java Webstart in OSX Mavericks are not working.
The steps located here: http://support.apple.com/kb/ht5559 are not re-enabling the Java Webstart for Java 6 in OSX Mavericks. I have tried all four steps about 20 times and looked at all the settings in all my browsers (chrome, safari, and firefox) and all say "missing plugin" when I go to any website that requires Java -- in this case, the NY Times Crossword Puzzle's "solve with a friend", which is incompatible with Java 7 so upgrading does not help me. I've tried searching for other answers and all keep directing me to the same four steps that have not worked.
A note, those steps worked when I had the same problem after upgrading to Mountain Lion. Should something be altered for Mavericks?
Please advise.You'll possibly need to remove Oracle Java altogether before, see these notes on their WebSite:
http://www.java.com/en/download/help/mac_uninstall_java.xml
After you remove it, go through the steps to re-enable Apple Java again; and, inside Safari, you can also go to its menu and choose "Reset Safari".
Hope this helps. -
I can't download coupons from Purina because I don't have the updated java, yet Java claims that OSX 10.6.8 can't suport the update. Is ther any recorse?
http://support.apple.com/kb/dl1573
-
Having trouble updating Java Runtime for OSX Lion
Is anyone having problems updating Java Runtime for OSX Lion?
I have the same problem. It is not possible to launch the "Java Preferences" app. When I do, I get the error message:
'To open “Java Preferences,” you need to install a Java runtime, but you are not connected to the Internet.'
I am *most certainly* connected to the internet, since I'm posting to this forum. -
Whats the story with Java 5 on OSX, can i get a beta?
To my knowledge, the most current JDK available for OSX is 1.4.2
Java is available on each OSX system. Most OSX ships with either 1.3.1 or 1.4.1 depending upon the OS. Java JDK version 1.4.2 is available as an update via software updates, but it does require Panther v3 or later. Here is a link with more information.
http://www.apple.com/macosx/features/java/
As for 1.5, I don't believe that is available yet. I could be wrong, but I believe when some sort of beta is available you may find out about it here...
http://developer.apple.com/java/ -
How do I remove Trojan horse OSX/FakeAlert.B codecm_uploader from my macbook?
How do I remove Trojan horse OSX/FakeAlert.B codecm_uploader from my macbook? My AVG AntiVirus keep putting up a pop up window to say that it's blocked the threat from spreading and I've to consider deleting the infected file. When I search for the file, I can't find it. It pops up literally every 30secs!
First, you need to get rid of AVG. It may have alerted you to this, but in general it's not much good on the Mac.
Second, that indicates that you are infected with the FkCodec, aka Codec-M, adware. See my Adware Removal Guide for instructions on removing it. Be aware that AVG might interfere with your attempts to remove it, thinking that it is protecting you.
(Fair disclosure: The Safe Mac is my site, and contains a Donate button, so I may receive compensation for providing links to The Safe Mac. Donations are not required.) -
Java for Mac OSX 10.4 Release7 will not work with eTrade Market Trader
After the latest update to 10.4.11 wich was the latest version of Java the java applet will not start. Talked to eTrade tech support and found out that their site only supports up Java1.6. Now I am trying to update my Mac Pro to 10.4.10 but can not find the update anywhere that is not bundled with the latest version of Java. Called Apple support, they did not have a solution, so to all you experts how can this problem be resolved ?
Thank you for your response. I spent 2 hours on the phone with an Apple Tech, he was really good and we went through all the possibilities (thank god for Apple Care Plan). He even got others involved but we all could not come up with anything else than to do an 'Archive-Install'. I did repair permissions several times. My Mac was running great prior to the update, I actually own 7 Mac's and I am very meticulous with maintenance and backing up everything. By the way I love these things. But when the new update came out, I told everybody to backup and then update the Mac's. Now I have 1 Mac that runs 10.4.8 and 6 that run 10.4.11. They all work great and are in great condition, but the only one that can run the online trading platform is the one running 10.4.8 and all the others have the software to access my .Mac account. Since I have these Mac's indifferent locations (so I can travel without lugging one along) I enjoy using all the .Mac features. Everything was so easy before "Java for Mac OSX 10.4 Release 7" came out. I am just really frustrated. I just wish I could go back to 10.4.10. But all the updates are bundled with the Java release 7. Is there any place where I can find 10.4.10 ?
-
SAPGUI JAVA 7.10 (OSX 10.5.1): cannot select multiple columns in ALV
Hi,
in sapgui java 7.10 (on mac osx 10.5.1) I cannot select multiple columns in ALV reports.
I can do it only in some transactions (like SE16). But on all our custom reports (REUSE_ALV_GRID_DISPLAY) in does not work.
Any hint?
Many thanks,
LorenzoHi Lorenzo,
did you double check if selecting multiple columns works with SAP GUI for Windows in the same report?
If yes, I suggest to file a bug report so we can do a remote logon to run your custom report.
If not it might be because of REUSE_ALV_GRID_DISPLAY itself or your parameters calling REUSE_ALV_GRID_DISPLAY.
Best regards
Rolf-Martin -
Simple Object Modelling and Java IDE for OSX?
I haven't been technical for a while and I want to refresh my Java and object modelling skills. I'm looking for two things. If I can find both in the same environment so much the better.
1) A basic UML modelling tool. All I really care about is describing a medium size object model: classes, sub-classes, attributes, relations, etc.
2) A basic Java IDE. Don't need EJB or anything complex. Just want to compile run and debug simple Java programs.
I down loaded Net Objects but it seems like overkill for what I want. I looked on some open source sites but almost nothing was native to OSX it all ran under Windows or required a Java virtual machine. Actually I guess that's another question, is there already a Java virtual machine as part of OSX or do I need to download one and if so which would be the best.
I'm willing to spend a few $$ but free stuff would be better and no more than $50. So far I found one product native to OSX but the starting cost was $400+ for a five person license.In case anyone has the same question, I just found this very nice tool on the Apple web site called Visual Paradigm for UML:
http://www.apple.com/downloads/macosx/development_tools/visualparadigmforumlente rpriseedition.html
I'm still getting to know it but this is exactly what I was looking for. Fairly easy to use if you already know OO but not as complex as some other tools and works well on the Mac. -
Install Java: either on OSX or Windows (bootcamp)
Hello,
i'm a java developer and new to OSX and recently, when i thought of running my java projects using eclipse in my MBP, one of my friend said that there was a backdoor exploit for MB, if i install it on my computer. So i need to know whether i can install eclipse ( need to install java in order to run the code) or should i make dual boot and install windows and then run my coding stuff? Which is safer acc to the security of the data?
Please suggest me with your opinions.
Thanks in advance.Backdoor exploits IN THE WEB BROWSER verison, that have been pretty well patched if you are installing the security updates. Don't leave Java in the browser enabled unless you need it and you will be fine.
Do not Install Windows, with its swiss cheese of doors for malware, unless you are really into malware self-abuse.
and you will need to go to Oracle to get java for your version of Mac OS X.
http://www.java.com/en/download/faq/java_mac.xml -
NEW TO JAVA: TROJAN, KEYLOGGER, VIRUS etc..
Hello,
Just a question about JAVA.
Can the JAVA language be used to create trojan, keylogger, virus etc..?Trojan: (i.e. something you trick an end user into running)
Java would not be the best choice for a trojan, as it requires the JVM installed, which many machines don't have. You could target MacOS X machines.
Keylogger: Not without JNI. At which point why bother writing a GUI in Java?
Virus: (i.e. something that spreads on its own) No, a Virus would rely on a OS native feature for self propergation. (such as a error in Outlook, or sending junk to a certain port).
You might think that Java Applets are a good target envorement for Viruses/trojans. Java Applets run in a very tightly controlled sandbox. -
I'm having problems running Java Applications on my iMac G5 with OSX verions 10.3.9. The Java apps won't open because it saids that my computer doesn't have Java 2 installed. I tried searching through Apple and Sun's websites for the most recent version of Java. Unfortunately most of the recent updates require OSX 10.4 and above.
I did find a couple of updates (Java 2 Updates) for OSX 10.3.9 but when I tried installing them it said that my Hard Drive doesn't have the right files. Another forum suggested that I edit one of the files in the installation package to override this issue. I did this edit and was able to install the updates. My computer now shows that I have Java 1.4.2 installed. However any Java Applications that require Java 2 still won't open.
Java is suppose to be a multi-platform programming language however I've experienced a tone of issues with my Mac. Applets don't work or run right with Safari or Firefox. And Java applications just won't open.
Can anyone help me out or give me any suggestions?
Oh yes has anyone else noticed Flash running slower on Mac than on a PC? Ever since I've upgraded my flash player to version 8 it's been running s-l-o-w since.Welcome To Discussions mpmct5!
"..."new" Mac uploader..."
Did this come from Dropshots?
There are other image hosting sites that can be used with Panther 10.3.9.
Such as PhotoBucket & ImageShack.
ali b
Maybe you are looking for
-
J2EE Engine startup page error: File [main.jsp] not found in application..
Hi Guys, I have just uninstalled and reinstalled SAP Netweaver 7.01 portal. The uninstall was clean and the reinstall also went without any errors. However, immediately after this, when I open http://<host>:<port> I get the following error: 404 Not
-
Why is the file so large when I record from the microphone?
I am trying to write a program that will save incoming and outgoing voicestreams while playing them. I have been successful thus far but when I record the voice from the speaker(microphone) the file size is in the Megabyte size within a few seconds o
-
InternalError: DES Decryption error
**PLEASE HELP** I recenty did an extension update from MCE 1.2.1 to 1.2.2 for both the 1.2.2 framework and provider. It resolved my previous ExceptionInInitializerError of 'Cannot set up certs for trusted CAs.' I'm now getting an InternalError or "DE
-
My account has been disabled and I have no idea how to reactivate it
No updates or purchases can be made on any of my devices connected to that account.
-
Using motion clips for overlays in dvd studio?
does anyone know if you can use a motion file,(eg. highlight for a dvd menu button), in dvd studio pro for overlays? like if you had a menu set up, and you need to put a highlght on a button for it's selected state? thanks